Patch-ID# 103297-02 Keywords: security blocked packet ICMP ping core Synopsis: SunOS 4.1.4: ping security fixes Date: Jul/14/98 Solaris Release: 1.1.2 SunOS Release: 4.1.4 Unbundled Product: Unbundled Release: Relevant Architectures: sparc NOTE: sun4(all) BugId's fixed with this patch: 1219682 4074562 Changes incorporated in this version: 4074562 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: ping Problem Description: 4074562 buffer overflow exploit in ping allows root access 1219682 The ping command may core dump if it sees an unknown ICMP code. Such error codes can be returned to ping if the request is blocked by a router or firewall system. Patch Installation Instructions: 1. As root, make a copy of the original ping. mv /usr/etc/ping /usr/etc/ping.FCS chmod 700 /usr/etc/ping.FCS 2. Copy the new ping binary from the patch directory. cp ping /usr/etc 3. chmod 4755 /usr/etc/ping